Date: Mon, 15 May 2017 22:41:01 +0000 (UTC) From: Brooks Davis <brooks@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r318322 - in stable/11: contrib/netbsd-tests/lib/libc/rpc lib/libc/rpc Message-ID: <201705152241.v4FMf1dQ068257@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brooks Date: Mon May 15 22:41:01 2017 New Revision: 318322 URL: https://svnweb.freebsd.org/changeset/base/318322 Log: MFC r317660, r317710 r317660: Support clnt_raw's use of FD_SETSIZE as a fake file descriptor. Accomplish this by allocating space for it in __svc_xports and allowing it to be registered. The failure to allocate space was causing an out-of-bounds read in svc_getreq_common(). The failure to register caused PR 211804. The bug was found with CHERI bounds checking. PR: 211804 Obtained from: CheriBSD Sponsored by: DARPA, AFRL Reviewed by: ngie Differential Revision: https://reviews.freebsd.org/D10528 r317710: Remove expected failure now that it was fixed in r317660. PR: 211804 Reviewed by: ngie Obtained from: CheriBSD Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D10576 Modified: stable/11/contrib/netbsd-tests/lib/libc/rpc/t_rpc.c stable/11/lib/libc/rpc/svc.c Directory Properties: stable/11/ (props changed) Modified: stable/11/contrib/netbsd-tests/lib/libc/rpc/t_rpc.c ============================================================================== --- stable/11/contrib/netbsd-tests/lib/libc/rpc/t_rpc.c Mon May 15 21:58:36 2017 (r318321) +++ stable/11/contrib/netbsd-tests/lib/libc/rpc/t_rpc.c Mon May 15 22:41:01 2017 (r318322) @@ -325,10 +325,6 @@ ATF_TC_HEAD(raw, tc) ATF_TC_BODY(raw, tc) { -#ifdef __FreeBSD__ - atf_tc_expect_fail("fails with: clnt_call: " - "RPC: Can't decode result -- PR # 211804"); -#endif rawtest(NULL); } Modified: stable/11/lib/libc/rpc/svc.c ============================================================================== --- stable/11/lib/libc/rpc/svc.c Mon May 15 21:58:36 2017 (r318321) +++ stable/11/lib/libc/rpc/svc.c Mon May 15 22:41:01 2017 (r318322) @@ -108,18 +108,19 @@ xprt_register(SVCXPRT *xprt) rwlock_wrlock(&svc_fd_lock); if (__svc_xports == NULL) { __svc_xports = (SVCXPRT **) - mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *)); + mem_alloc((FD_SETSIZE + 1) * sizeof(SVCXPRT *)); if (__svc_xports == NULL) { rwlock_unlock(&svc_fd_lock); return; } - memset(__svc_xports, '\0', FD_SETSIZE * sizeof(SVCXPRT *)); + memset(__svc_xports, '\0', (FD_SETSIZE + 1) * sizeof(SVCXPRT *)); } if (sock < FD_SETSIZE) { __svc_xports[sock] = xprt; FD_SET(sock, &svc_fdset); svc_maxfd = max(svc_maxfd, sock); - } + } else if (sock == FD_SETSIZE) + __svc_xports[sock] = xprt; rwlock_unlock(&svc_fd_lock); } @@ -157,7 +158,8 @@ __xprt_do_unregister(SVCXPRT *xprt, bool if (__svc_xports[svc_maxfd]) break; } - } + } else if ((sock == FD_SETSIZE) && (__svc_xports[sock] == xprt)) + __svc_xports[sock] = NULL; if (dolock) rwlock_unlock(&svc_fd_lock); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201705152241.v4FMf1dQ068257>